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Abstract. One of the unique features of the digital currency Bitcoin is 
that new cash is introduced by so-called miners carrying out resource- 
intensive proof-of-work operations. To increase their chances of obtaining 
freshly minted bitcoins, miners typically join pools to collaborate on the 
computations. However, intense competition among mining pools has 
recently manifested in two ways. Miners may invest in additional com- 
puting resources to increase the likelihood of winning the next mining 
race. But, at times, a more sinister tactic is also employed: a mining pool 
may trigger a costly distributed denial-of-service (DDoS) attack to lower 
the expected success outlook of a competing mining pool. We explore 
the trade-off between these strategies with a series of game-theoretical 
models of competition between two pools of varying sizes. We consider 
differences in costs of investment and attack, as well as uncertainty over 
whether a DDoS attack will succeed. By characterizing the game's equi- 
libria, we can draw a number of conclusions. In particular, we find that 
pools have a greater incentive to attack large pools than small ones. We 
also observe that larger mining pools have a greater incentive to attack 
than smaller ones. 
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1 Introduction 

Bitcoin is a decentralized digital currency that first became operational in 2009 
[l]. While cryptographically protected digital currencies have been around for 
decades p], none has received the attention or experienced the same rise in 
adoption as Bitcoin [3]. 

There are many factors that contribute to the success of a currency. Most 
currencies are tightly associated with a particular country, and are influenced 
by decisions regarding economic factors and political leadership. At the same 
time, internal stakeholders and external trade partners benefit from the adoption 
and maintenance of a stable currency. Wider adoption enables positive network 
effects, e.g., by enabling exchange of goods beyond the scope of a traditional 
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barter community. However, currencies remain in competition with each other, 
and new currencies might gain a foothold if they offer comparative advantages 
to a certain set of stakeholders 4 Q 

One reason why Bitcoin has attracted enthusiastic backers is that its design 
creates opportunities for participants to shape its future and to profit from its 
success. The artificially constrained money supply helps drive up the exchange 
rate over time, rewarding those who have invested in bitcoins. Most importantly, 
new bitcoins are given as rewards to the miner who finds the solution to a com- 
plex mathematical problem. However, this also means that new entrants in the 
market for Bitcoin mining impose negative externalities on other contributors. 
Each new miner who contributes to Bitcoin automatically lowers the value of 
the relative contributions of all other miners. 

Miners respond in two primary ways to increase their output during the 
quest to earn another bundle of bitcoins. First, they form associations with other 
contributors in mining pools. Second, they may invest in additional computing 
resources. For example, the increasing value of Bitcoin has also created a market 
for specialized hardware. At the same time, botnets have been used to increase 
the output of mining pools that control these illegally acquired resources. In the 
end, the most powerful mining pool is the most likely to win the next race. 

There is one caveat to this relatively straightforward process. More recently, 
attacks hampering the effectiveness of mining pools have been observed. Dis- 
tributed Denial of Service Attacks (DDoS) frequently target mining pools in 
order to disrupt their operations (e.g., the distribution and submission of dele- 
gated tasks). There are two primary objectives that attackers are following when 
facilitating DDoS attacks on mining pools. First, the operations at competing 
mining pools are slowed down which might give a decisive (but unfair) advan- 
tage in the race for the next bundle of bitcoins. Second, individual miners might 
become discouraged and decide to leave "unreliable" mining pools as the result 
of these attacks0 

Mining pools have been sporadically targeted by DDoS attacks since 2011. 
According to an empirical analysis of Bitcoin-related DDoS attacks [6] , mining 
pools are the second-most frequently targeted Bitcoin service after currency 
exchanges. Of 49 mining pools, 12 experienced DDoS attacks, often repeatedly. 



1 Rules for currency competition may differ by country. For example, in the United 
States the following rules are of importance. United States money, as identified by 
the U.S. Code, when tendered to a creditor always legally satisfies a debt to the 
extent of the amount tendered. However, no federal law mandates that a person or 
an organization must accept United States money as payment for goods or services 
not yet provided. That is, a business might specify a particular currency and therefore 
increase competition between currencies. 

2 Other attack motivations might include the facilitation of other cybercriminal activ- 
ities, e.g., using DDoS as a means to extract payments from a mining pool as part 
of an extortion ploy (Bj. Attacks might also be indicative of non-financial objectives, 
e.g., the earning of reputation in the attacker community or general disagreement 
with the goals and objectives of the Bitcoin community. 
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At least one mining pool, Altcoin.pw, appears to have shut down due to repeated 
DDoS attacks. 

Our study addresses the trade-off between two different investment dimen- 
sions in the context of Bitcoin creation: construction and destruction. Under the 
construction paradigm, a mining pool may invest in additional computing re- 
sources to increase the likelihood of winning the next race. Under the destruction 
focus, a mining pool may trigger a costly DDoS attack to lower the expected 
success outlook of a competing mining pool. 

We approach the study of this trade-off by developing a series of game- 
theoretical models. We begin our analysis with a simple model that presents a 
binary choice between investment and DDoS attack. Subsequently, we expand 
this baseline model to account for costs and the possibility of attack failure. Our 
goal is to give the reader initially an intuitive understanding about the impact 
of the different investment choices. With increasing model complexity, we aim 
for a heightened degree of realism regarding actual investment decisions. 

Our work is important because it contributes to a greater understanding of 
the inherent risks of the Bitcoin economy. Due to its decentralized nature, in- 
ternational focus and lack of regulation, the existing competing and misaligned 
interests prevalent in the Bitcoin community can frequently lead to undesirable 
outcomes. For example, many Bitcoin currency exchanges have a short survival 
time, often leaving their customers in the lurch u\. The scenario we study be- 
comes an increasingly central concern to Bitcoin mining pools. With accelerating 
upfront investment costs to compete in the Bitcoin mining race, the associated 
risks are ballooning as well, e.g., interference with the mining operations be- 
comes more costly. Responding to such threats requires a good understanding 
of the economic impact of attacks and potential countermeasures. 

Our presentation proceeds as follows. In Section [21 we briefly discuss related 
work with a focus on theoretical research. In Section[3j we develop and analyze a 
scries of game-theoretical models. We discuss the practical implications of these 
analyses and conclude in Section [4] 

2 Related work 



Our model is concerned with DDoS attacks as a strategic choice impacting the 
Bitcoin mining race. As such, we focus in our review on research in which ad- 
versarial interests are the subject of economic models. However, relatively little 
work has addressed the strategic choices of attackers and cybercriminals. Fultz 
and Grossklags model strategic attackers and the competition between those 
attackers [§]. In their model, attackers and defenders have to be cognizant of 
inherent interdependencies that shape the impact of offensive and defensive ac- 
tions [9}[ToJ[Ti]. 

Similarly, Clark and Konrad present a game-theoretic model with one de- 
fender and one attacker. The defending player has to successfully protect multiple 
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nodes while the attacker must merely compromise a single point 12 
et al 



Cavusoglu 



13 analyze the decision-making problem of a firm when attack probabili- 



ties are externally given compared to a scenario when the attacker is explicitly 
modeled as a strategic player in a game-theoretic framework. 

Cremonini and Nizovtsev compare attacker decisions under different scenar- 
ios of information availability regarding defensive strength 14 . Schechter and 
Smith |15| draw upon the economics of crime literature to construct a model of 
attackers in the computer security context [16] . They derive the penalties and 
probabilities of enforcement that will deter an attacker who acts as an utility 
optimizer evaluating the risks and rewards of committing an offense. 



Several surveys have summarized the achievements in this area 17 18 19 



Research on the economics of DDoS attacks has focused on the organization of 
an effective defense |20[|21j|22] . For example, Liu et al. develop a game-theoretic 
model of DDoS attacker-defender interactions, and conduct a network simulation 



study which utilizes their model to infer DDoS attack strategies 20 



More closely related to our work is a paper by Li et al. 23 . They model the 
incentives of a botnet herder to maintain a zombie network for the primary pur- 
pose of renting a sufficiently large subset to a DDoS attacker. They investigate 
whether this business relationship can remain profitable if defenders can pollute 
the botnet with decoy machines (which lowers the effectiveness of a DDoS at- 
tack). Complementary to this work, Christin et al. investigate the incentives of 
a group of defenders when they face the threat of being absorbed into a bot- 



net, e.g., for the purpose of a DDoS attack 24 . Their model shows how the 
bounded rationality of defenders can contribute to lower defensive investments 
and a higher risk of security compromise. 

We are unaware of any economic research that investigates the potential 
impact of DDoS attacks on the Bitcoin economy. 



In this subsection, we briefly report on research studies that investigate the 
stability of Bitcoin to economically-driven attacks. We do not review research 
on the robustness of the cryptographic underpinnings of Bitcoin. 

Kroll et al. study the stability of Bitcoin mining if an outsider has motiva- 



tion to destroy the currency 25 . More specifically, their "Goldfinger" attack 
compares on a high level the collective benefit of Bitcoin mining with some ex- 
ternally given incentive to destroy the economy altogether. They also study the 
likelihood of deviations from the consensus process of Bitcoin mining. 

Similarly, Barber et al. perform an in-depth investigation of the success of 
Bitcoin, and study the characteristics of a "doomsday" attack in which the 
complete transaction history would be invalidated by an adversary with vastly 
superior computing power [3j . They also investigate a number of other potential 
weaknesses, and propose improvements to the Bitcoin protocol. 
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Babaioff et al. show that, as the Bitcoin protocol is currently denned, it does 
not provide incentives for nodes to broadcast transactions; in fact, it provides 
strong disincentives 26 . However, the Bitcoin economy seems to be - at least 
in this respect - working well in practice. The authors propose a solution for 
this potential problem, which is based on augmenting the Bitcoin protocol with 
a scheme for rewarding information propagation. 



3 Game-Theoretic Model and Analysis 

Our modeling approach focuses on the incentives of Bitcoin mining pool opera- 
tors to initiate distributed denial of service attacks against other mining pools. 
Toward this end, we begin our analysis with a very simple model that presents a 
binary choice between investment and attack. Subsequently, we expand the base- 
line model to account for the possibility of attack failure, and then to consider 
linear investment and attack costs. 

In each model, we focus on exactly two players - a big player B and a small 
player S. By the size comparison, we simply mean that B has more computa- 
tional power to mine bitcoins than S. A third entity R represents the rest of 
the Bitcoin mining market. R behaves heuristically and thus is not a player in 
a game-theoretical sense. In equations, we overload the notation £?, S, and R to 
represent the value of the respective player's computing power. 

Each player's decision space involves a binary choice of investment - either 
to invest in additional computing power, or to initiate a DDoS attack against 
the other strategic player. The outcome of each player's decision is realized over 
a time scale that is long enough so that payoffs to pools in bitcoins are realized 
according to the mining probabilities, but short enough so that reaching an 
approximate equilibrium in the relative computational power of mining pools is 
a reasonable assumption. 



We assume that the Bitcoin mining market increases computational power over 
the game's time scale at a fixed rate e; and that the market is at an equilibrium 
with respect to each player's relative computing power. Each player's base strat- 
egy is to maintain the market equilibrium by investing in computation to keep 
up with the market. Each player's alternative strategy is to use those resources 
that would have been used for increased computation to initiate a DDoS attack 
against the other strategic player. 

In the baseline model, we assume that DDoS attacks are 100% effective, so 
that a player who is subject to the attack cannot mine any Bitcoins for the 
duration of the game's time scale. Secondly, in the baseline model, we assume 
that the costs to invest or initiate an attack are negligible relative to the overall 
Bitcoin revenue, so that they do not factor into the players' strategic decisions. 

The payoff for each player is determined by the expected value of the fraction 
of Bitcoins that they mine. If both players use the base strategy to keep up with 
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the market, then the payoff of player S is 

5(1 + s) _ S 

(B + S + R)(l + e) ~ B + S + R' 

similarly, the payoff for player B is 

B 

B + S + R' 

If both players initiate DDoS attacks against each other, then they each receive 
nothing. If player S initiates a DDoS attack against player B, while B keeps up 
with the market, then B receives nothing, and S receives 

S 

S + R(l + e)' 

These consequences are symmetric with respect to S and B. 

The full payoff matrix for each player is summarized in Table ^ From this, we 
derive each players' best responses to each of the the other player's strategies. 
Then we use best response conditions to classify the game's Nash equilibria. 
Finally, we provide numerical illustrations for the game's equilibria and analyze 
the corresponding implications. 



Table 1. Payoff Matrix for B,S 





Player B 






computation 


DDoS 


computation 

Player S 


B S Br, 
B+S+R' B+S+R B+R(l+e)'" 


DDoS 


o 0 

U > S+R(l+e) 


0,0 



Best- Response Strategies If player S invests in DDoS, then investing in DDoS 
and investing in computing are both best responses for player B, since they both 
yield a payoff of 0. On the other hand, if player S invests in computing, then 
investing in DDoS is a unique best response for player B if 

B B 

B + R{l+e) > (B + S + R) ' 

which reduces to 

Re < S. (1) 
Both DDoS and computing are best responses if 

Re = S ; (2) 

and computing is a unique best response otherwise. The best responses of player 
S analogous, with the constants B and S swapped. 
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Equilibria 

First, both players investing in DDoS is always a Nash equilibrium. How- 
ever, this is only a weak equilibrium, as both players are indifferent to their 
strategy choices. 

Second, both players investing in computing is an equilibrium if 

S <Rs (3) 

and 

B < Re . (4) 

Furthermore, the equilibrium is strict if both inequalities are strict. 
Finally, if only one of the above inequalities holds, then there is an equilib- 
rium in which the player whose inequality does not hold invests in DDoS, 
while the other player invests in computing. This is again a weak equilibrium, 
since the latter player is indifferent to her strategy. 




0.00 0.05 0.10 0.15 
B 

(a) Equilibrium strategy 
profiles for players (B, S) 
as a function of the players' 
sizes. The letters c and D 
abbreviate computation and 
DDoS, respectively. 



B 

(b) Equilibrium payoff of 
player B (lighter shades 
represent higher payoffs). 
Where there are multiple 
equilibria, the figure shows 
the average payoff. 




0.05 0.10 0.15 0.2C 
B 

(c) Average equilibrium pay- 
offs of players B (solid) and 
S (dotted) as a function of 
B, with S = O.f . 



Fig. 1. Equilibria for various values of B and S. The increase in computational power 
is e = 0.1. 



Numerical Illustrations Figure [T] shows features of the Nash equilibria for various 
values of B and S. Figure [la] divides the parameter space based on the set of 
equilibrium profiles. Figure [Tb| shows the payoff of player B as a function of the 
relative sizes of B and S, where the average payoff is taken for regions having 
multiple equilibria. The average payoffs of players B and S (for a fixed S) are 



shown as a function of B by Figure lc 
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From Figure la we see immediately that it is always a weak equilibrium for 
each player to DDoS the other. This happens because, with perfect effectiveness 
of DDoS, the player being attacked loses all incentives related to their strategic 
choice, and thus can choose an arbitrary strategy. We extend the model in the 
next section to incorporate imperfect DDoS, which alleviates this phenomenon. 
From the same figure, we also see that if either player becomes much larger 
than the market growth rate, there is no incentive to mutually cooperate. In 
these regions, one of the players always has a greater incentive to DDoS if her 
opponent invests in computation. The slant of the dividing lines also shows 
that the tendency to avoid cooperation is slightly affected by a player's own 
size. Figure [lb] shows that in this model, the large player fares extremely poorly 
against a small player if her size becomes too large relative to the market growth 
rate. 



In the first extension of our baseline model, we assume that DDoS attacks are 
successful only with fixed probability 1 — a. For numerical illustrations, we take a 
to be 0.2. The new payoffs (with arbitrary a) for players B and S are summarized 
in Table [2 



Table 2. Payoff Matrix for B,S with Imperfect DDoS 







B 




computation 


DDoS 


computation 
DDoS 


B s 


B <rS(l + e) 


B+S+R' B+S+R 
<rS(l+e) S 


B+(oS+R)(\+e) ' B+(aS+R)(l+£) 
aB aS 


(<rB+fl)(l+e)+S' (o-B+.R)(H 


-e)+S a(S+S)+fl(l+e) ' <r(B+S) + R(l+e) 



Best-Response Strategies If player S invests in computation, then investing in 
computation is a best response for player B if 



B B 

> 



B + S + R ~ B + (ctS + R)(l + e) 

which reduces to 



S < ^ ; (5) 

and investing in DDoS is a best response if 

If player S initiates a DDoS attack, then investing in computation is a best 
response for player B if 

o-B{l+e) oB 



(aB + R)(l + e) + S ~ a(B + S) + R(l + e) ' 
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which reduces to 

eR 



L ° l+e 

and investing in DDoS is a best response if 

l+e 

Equilibria The game's equilibria depend on the sizes of B and S compared to the 
quantities 1 _ c ^ +e ^ and 1 £ R s . Note that we would expect the first quantity 

to be smaller, because we typically have a < . Concretely, for example, this 
desired relation holds when the growth rate e is less than 100% and the DDoS 
failure rate a is at most 50%. 

First, both players investing in DDoS is a Nash equilibrium whenever 

B,S> - ER e (9) 

1 — (7 — T"i — 

l+e 

and the equilibrium is strict whenever the inequality is strict. 
Second, both players investing in computing is an equilibrium if 

B,S< ^ r (10) 

- l-o-(l + e) V ' 

and again the equilibrium is strict if the inequality is strict. 

Third, there exists an equilibrium in which S initiates a DDoS attack and 

B invests in computation whenever 

B> (11) 

-l-<7(l + e) y ' 

and 

s - i~77T~jT ■ C> 

l+e 

Finally, there is a sub-case of the previous condition in which B can initiate 
a DDoS attack while S invests in computation, if 

£ -^—<B,S< £B ^. (13) 

l-a(l + e) ~ ~ V ' 

Numerical Illustration Figure[2j illustrates features of the equilibria for the base- 
line model with imperfect DDoS. Figure [2a| d ivides the parameter space based 
on the set of equilibrium profiles. Figurc[2b| shows the payoff of player B as 
a function of the relative sizes of B and S ; and Figure [2c] shows the payoff of 
players B and S (for a fixed S) as a function of B. 

From Figure [2a] we see that, (compared to the baseline model) there is no 
longer a weak equilibrium in which each player initiates a DDoS attack against 
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0.0 0.1 0.2 0.3 



0.0 0.1 0.2 0.3 0.4 



(a) Equilibrium strategy 
profiles for players (B, S) 
as a function of the players' 
sizes. The letters c and D 



(b) Equilibrium payoff of (c) Equilibrium payoff of 
player B (lighter shades players B (solid) and S (dot- 
represent higher payoffs), ted) as a function of B for 
Where there are multiple S = 0.1. 



abbreviate computation and equilibria, the figure shows 



DDoS, respectively. 



the average payoff. 



Fig. 2. Equilibria for various values of B and S. The increase in computational power 
is s = 0.1, and the success probability of DDoS is 1 — a = 0.8. 



the other; and in most parameter configurations, there is now a unique equilib- 
rium. For each player, this unique equilibrium strategy is primarily determined 
by her opponent's computational power. Once the opponent reaches a given 
threshold, it is in the player's best interest to DDoS that opponent. The slanted 
nature of the equilibrium-dividing lines shows that a player's equilibrium strat- 
egy is also determined to a weaker degree by her own computational power, with 
larger players having slightly more incentive to attack. Finally, there is a region 
for players of medium and comparable sizes, in which the game has two com- 
peting equilibria. The strategic dynamic in this region is similar to the classical 
game of battle of the sexes. 



The third extension of our baseline model combines the features of imperfect 
DDoS attacks and linear costs for player investment choices. Here we assume 
that the cost of an investment to keep up with the mining market is proportional 
to the size of the investing player, and that the cost to initiate a DDoS attack 
is proportional to the size of the player who is being attacked. 

If S invests in computation, she incurs a cost of jS; while if S initiates a 
DDoS attack against player B, it results in a cost of XB. Other things being 
equal, we suppose that a DDoS attack should cost less than an investment in 
computation, so for our numerical illustrations, we choose an assignment with 
A < 7. The resulting payoffs for players B and S (for arbitrary 7 and A) are 
summarized in Tables [3] and |U 
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Table 3. Payoff Matrix for B with Imperfect DDoS and Linear Costs 

B 



11 



computation 
DDoS 



computation 



DDoS 



B+S+R 7-B 



\s, 



B+(aS+R)(l+e) 

aB XS 



(<TB+i?)(l+e) + S <r(B+S)+fl(l+e) 

Table 4. Payoff Matrix for S with Imperfect DDoS and Linear Costs 



computation 
DDoS 



computation 



DDoS 



B+S+R 

S 

(crB+R)(l+e)+S 



7 S 



AB 



<rS(l+e) 
B+(<tS+B)(1+e) 

aS 

<t(B + S) + B(1+e) 



XB 



Best-Response Strategies If player S invests in computation, then investing in 
computation is a best response for player B if 



B B 
B + S + R ~ lB ~ B+(aS + R)(l + e) ~ XS 



and investing in DDoS is a best response if 

B B 

7-B < 



B + S + R 



B+(aS + R)(l + e) 



XS . 



(14) 



(15) 



If player S initiates a DDoS attack, then investing in computation is a best 
response for player B if 



gg(l+g) yB> <?B 

(aB + R)(l + e) + S 7 " a{B + S) + R(l + e) 



and investing in DDoS is a best response if 
oB{l + e) 



-jB< 



aB 



-XS 



(16) 



(17) 



(aB + R)(l + e) + S ' ~ a(B + S) + R(l + e) 
Equilibria 

First, both players initiating DDoS attacks is a Nash equilibrium whenever 
B B 



and 



B + S + R 
S 

B + S + R 



7-B > 



7-S > 



B+(aS + R)(l + e) 

5^ 

(aB + R)(l + e) + S ' 



XS 



XB . 



(18) 
(19) 



12 



Benjamin Johnson, Aron Laszka, Jens Grossklags, Marie Vasek, Tyler Moore 



Second, both players investing in computing is an equilibrium if 
aB(l + e) „ . aB 



and 



(aB + R)(l + e) + S 
aS(l+e) 



-lB< 



a(B + S) + R(l + e) 
aS 



-XS 



XB . 



(20) 



(21) 



B + (aS + R)(l + e) ' ~ a(B + S) + R(l + e) 

Third, an equilibrium in which S conducts a DDoS attack against B while 
B invests in computation may occur when 



aB(l + e) 



and 



(aB + R){l + s) + S 
S 



7-B < 



aB 



B + S + R 



jS < 



a(B + S) + R(l + e) 
S 



XS 



XB . 



(22) 



(23) 



(aB + R)(l + e) + S 

Finally, there can be an equilibrium in which B conducts a DDoS attack 
against S while S invests in computation whenever the roles of B and S are 
interchanged in the two inequalities from the previous case. 



P, c) \ 


(D. D) 


(CO) 


I (C D) 





(a) Equilibrium strategy (b) Equilibrium payoff of (c) Equilibrium payoff of 
profiles for players (B, S) player B (lighter shades players B (solid) and S (dot- 
as a function of the players' represent higher payoffs), ted) as a function of B for 
sizes. The letters c and D Where there are multiple S = 0.1. 
abbreviate computation and equilibria, the figure shows 
DDoS, respectively. the average payoff. 

Fig. 3. Equilibria for various values of B and S. The increase in computational power 
is e = 0.1, the success probability of DDoS is 1 — a = 0.8, and the linear cost factors 
for investing into computation and DDoS are 7 = 0.002 and A = 0.001. 



Numerical Illustration Figure 
values of B and S. Figure [3a 



3^ shows features of the Nash equilibria for various 
divides the parameter space based on the set of 
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equilibrium profiles. Figure 3b shows the payoff of player B as a function of the 
relative sizes of B and S; and Figure 3c shows the payoff of players B and S (for 
a fixed S) as a function of B. 

The addition of costs to the model keeps the smallest players from partici- 
pating in DDoS attacks, as they are best served by investing in their own compu- 
tational prowess. Aside from this, the dynamics of the equilibrium strategies are 
largely similar to the model without costs. Namely, players are still incentivized 
to attack large players, and slightly more so if they are larger themselves. There 
still remains a small region for midsize players in which either player can attack 
the other; and with the possible exception of an extremely large player, the pay- 
offs are generally higher for a player whose size lies just below the threshold for 
being attacked. 



4 Conclusions and Future Work 

We set out in this work to understand the motivation behind recent DDoS attacks 
against Bitcoin mining pools. To do this, we analyzed a series of game-theoretical 
models involving two mining pools with different sizes. Several fundamental dy- 
namics of this game were common to all models and seem well-motivated in 
the context of Bitcoin. First, we saw that there is a greater incentive to attack 
a larger mining pool than a smaller one. This finding is intuitive because each 
pool battles for the reward; and eliminating the largest mining pool has the 
greatest impact on the chances of the remaining mining pools to win. It is also 
consistent with what has been observed empirically: 63% of large mining pools 
have experienced DDoS attacks, compared to just 17% of small ones [6j. Second, 
we observed that the larger mining pool has a slightly greater incentive to at- 
tack than the smaller mining pool. This dynamic arises because a larger mining 
pool has a smaller relative competitor base, and eliminating a competitor from a 
small base yields more benefit than eliminating one from a larger base. Finally, 
there is a size threshold such that mining pools larger than this threshold are 
subject to economically-motivated attacks; and pools smaller than the threshold 
are not. Furthermore, players whose sizes are just below this threshold tend to 
receive the highest payoffs. 

From our modeling extensions we found additional insights. First, if attacks 
can be mitigated, then the size threshold for a mining pool to be safe from 
DDoS increases. That is, the market will tolerate (without attempting an attack) 
progressively larger pools as attacks become less effective. Second, the prevalence 
of costs can keep smaller players out of the DDoS market, but these do not change 
the core dynamics for mid-size and large mining pools. 

There are many extensions to pursue in future work. A more direct economic 
approach to the cost dimension would have each player optimize their own invest- 
ment costs relative to their current size. A player's choice of whether to initiate 
a DDoS attack would depend on the solution to two investment optimization 
problems. This extension would improve realism and reduce the game's exoge- 
nous parameters at the expense of additional model complexity. Another way to 
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extend the model would be to give DDoS attacks a variable cost constraining 
their effectiveness. Finally, our work considers the incentives of mining pools 
as a whole, but in reality most pools consist of heterogeneous individuals who 
have a choice to change pools. By expanding our game to an iterated version in 
which individual players could switch mining pools between rounds, we might 
gain further insights into the strategies we see in today's Bitcoin mining market. 
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